Business Continuity, Risk Management

Peer Collaboration to effectively Manage Third Party Risks

Background

Weakest Link – Third Party Risk Management | Source: www.riskpro.in

The threat landscape is expanding every day, and so is the need to comply with changing regulations, all in alignment with corporate goals. When we include third parties in our risk management, the scope of managing risks expands to the systems and processes of third parties that affect our business. In an aim to reduce cost, most organizations are outsourcing most business areas to third parties, which increases dependence on them and adds the risk that tags along with it. No matter how good your organization's risk management is, one wrong vendor can put everything at risk. A chain is only as strong as its weakest link.

Magnitude of 3rd party dependence

  • Banks and financial institutions have applications that work with 3rd party terminals – POS, Vending Machine, Payment Gateways etc.
  • Customers accessing device from different kinds of networks, devices and locations
  • Vendors and outsourced support services connected to your ICT systems
  • Regulatory compliance by third parties involved in your business
  • Ensuring SLAs and quality of service in areas dependent on third parties
  • Over-utilization of the organization's resources by third-party providers

Difficulty in current system

Third Party Risk Assessment – Organizations need to repeat their vendor assessment process continuously, and keeping the assessment updated to the current threat landscape is challenging. Of course, cost is a major factor too.

The process laid out for assessing, and even managing, third-party risks differs by organization, and this often results in:

  • Multiple organizations dealing with the same third party / vendor, each repeating the assessment
  • Difficulty for vendors in complying with different perceptions of regulations and standards

Solution – Peer Collaboration in Third Party Risk

  • Standardized parameters and process for risk assessment, mutually acceptable to organizations of the same category (peers)
  • Conduct a single assessment and use its results to evaluate vendors in all the organizations
  • Form associations, meet regularly and share findings on evolving risks and effective solutions to assess and manage them
  • Collaborate with peers on best practices and improvements
  • Educate peers, conduct joint awareness sessions

 

Benefits

  • Less financial burden on each organization
  • Less time needed for validation of vendors already in the pool
  • Quicker updates on new risks and ways to manage them
  • Standardized process across the industry
  • Better and optimal use of existing resources
  • Update best practices based on benchmarking jointly with peer organizations

When moving toward peer-collaborated risk management, we should understand that the underlying goal of peer collaboration in Third Party Risk Management (TPRM) is not competition but minimizing the possible risks.


